vb.net ReadProcessMemory使用方法

网上好多关于ReadprocessMemory、WriteprocessMemory使用方法的贴子都不能用，下面是本人亲自测过可用的，望对大家有用。

    ''' <summary>
    ''' 读取内存地址
    ''' </summary>
    ''' <param name="hProcess">进程句柄</param>
    ''' <param name="lpBaseAddress">内存地址</param>
    ''' <param name="lpBuffer">数据存储变量</param>
    ''' <param name="nSize">长度sizeof(lpBuffer)</param>
    ''' <param name="lpNumberOfBytesRead">读取长度</param>
    ''' <returns></returns>
    ''' <remarks></remarks>
    Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As Integer, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As IntPtr, ByVal nSize As Integer, ByRef lpNumberOfBytesRead As Integer) As Boolean

    ''' <summary>
    ''' 写入内存地址
    ''' </summary>
    ''' <param name="hProcess">进程句柄</param>
    ''' <param name="lpBaseAddress">写入进程的内存地址</param>
    ''' <param name="lpBuffer">数据存储变量</param>
    ''' <param name="nSize">长度sizeof(lpBuffer)</param>
    ''' <param name="lpNumberOfBytesWritten">实际数据的长度</param>
    ''' <returns></returns>
    ''' <remarks></remarks>
    Declare Function WriteProcessMemory Lib "kernel32" Alias "WriteProcessMemory" _
        (ByVal hProcess As Integer, ByVal lpBaseAddress As IntPtr, _
         ByVal lpBuffer As Byte(), ByVal nSize As Integer, ByVal lpNumberOfBytesWritten As IntPtr) As Boolean

Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Integer, ByVal dwProcessId As Integer) As Integer

    Friend Const PROCESS_ALL_ACCESS = &H1F0FFF = 2035711
    Friend Const PROCESS_VM_READ = &H10
    Friend Const PROCESS_VM_WRITE = &H20

 Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim hw As Integer = OpenProcess(PROCESS_VM_READ, False, 4304)
        Dim getstr(12) As Byte
        Dim GetStrIntptr = Marshal.UnsafeAddrOfPinnedArrayElement(getstr, 0)
        Button1.Text = "read结果：" & ReadProcessMemory(hw, CType(&H4D45A0, IntPtr), GetStrIntptr, 12, 0)
        TextBox1.Text = Marshal.PtrToStringUni(GetStrIntptr)
        TextBox3.Text = "GLE:" & GetLastError
        CloseHandle(hw)
    End Sub
‘需要注意：readprocessmemory的lpBuffer放的地数组地址的基址，需要用marshal转化一下。Marshal.PtrToStringUni(GetStrIntptr)输出内容。

    Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
        Dim hw As Integer = OpenProcess(&H1F0FFF, False, 4304)
        Dim Wrtstr(12) As Byte
        Wrtstr = System.Text.Encoding.Unicode.GetBytes("vbWrit")
        Button2.Text = "Write结果：" & WriteProcessMemory(hw, CType(&H4D45A0, IntPtr), Wrtstr, 12, 0)
        TextBox3.Text = "GLE:" & GetLastError
        CloseHandle(hw)
    End Sub

转载于:https://blog.51cto.com/9369901/2324219